
Re: Choosing the correct exploit

Well, as you said, you could do an nmap scan to determine the services and their versions, or use telnet or nc. After you get the service and the version you could actually check them on exploit-db to see if there are some exploits for them, or use the search function from metasploit. There is also SHODAN, which can search for such things.

Back|track: giving machine guns to monkeys since 2007!

Do not read the Wiki, most of your questions will not be answered there! Do not take a look at the: Forum Rules!
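The first step in the procedure above (scan, then collect each service's product and version so it can be checked against exploit-db, the metasploit search function or SHODAN) is easier to do reliably from nmap's XML output than by eyeballing the console. The following is an added example, not code from this thread or from the nmap project: it parses a constructed `nmap -sV -oX` sample (the host address, products and versions are made-up illustrative values), keeps only open ports, records whether nmap actually fingerprinted the service (`method="probed"`) or merely guessed it from the port table, and builds the "product version" strings you would look up. The `ServiceRecord` class and the function names are this example's own.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List

# Constructed sample of `nmap -sV -oX -` output. Not a real scan: the address
# is from the documentation range and the versions are illustrative only.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="5.3p1" extrainfo="protocol 2.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.14" extrainfo="(Ubuntu)" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="139">
        <state state="closed" reason="reset"/>
        <service name="netbios-ssn" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="open" reason="syn-ack"/>
        <service name="mysql" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class ServiceRecord:
    host: str
    port: int
    proto: str
    name: str          # nmap's service name (ssh, http, ...)
    product: str       # product banner, empty if nmap could not identify it
    version: str       # version string, empty if unknown
    fingerprinted: bool  # True when nmap probed the banner, False for a port-table guess


def parse_nmap_services(xml_text: str) -> List[ServiceRecord]:
    """Return one record per open port found in nmap XML output."""
    root = ET.fromstring(xml_text)
    records: List[ServiceRecord] = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr", "")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports are worth cross-referencing
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            records.append(ServiceRecord(
                host=addr,
                port=int(port.get("portid")),
                proto=port.get("protocol", "tcp"),
                name=attrs.get("name", ""),
                product=attrs.get("product", ""),
                version=attrs.get("version", ""),
                fingerprinted=attrs.get("method") == "probed",
            ))
    return records


def search_terms(records: List[ServiceRecord]) -> List[str]:
    """Unique 'product version' strings to look up in an advisory/exploit database.

    Only fingerprinted services with a product name are included: a port-table
    guess carries no version and would just produce noise.
    """
    terms: List[str] = []
    for r in records:
        if not (r.fingerprinted and r.product):
            continue
        term = f"{r.product} {r.version}".strip()
        if term not in terms:
            terms.append(term)
    return terms


def unfingerprinted(records: List[ServiceRecord]) -> List[int]:
    """Open ports nmap could not version; these need a manual banner check."""
    return [r.port for r in records if not r.fingerprinted]


if __name__ == "__main__":
    recs = parse_nmap_services(SAMPLE_NMAP_XML)
    for r in recs:
        print(f"{r.host}:{r.port}/{r.proto} {r.name} {r.product} {r.version}".rstrip())
    print("look up:", search_terms(recs))
    print("verify by hand:", unfingerprinted(recs))
```

Feed it real output with `nmap -sV -oX scan.xml <target>` and `parse_nmap_services(open("scan.xml").read())`. The `fingerprinted` flag matters in practice: a service that nmap only guessed from the port number has no version, so it should go on the manual-check list rather than into a database search that would silently return nothing.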

Re: Choosing the correct exploit

bobg2010, you pretty much got the idea. The other option, once services are identified, is to start coding your own exploits. Using buffer overflows and underruns etc. to exploit an architecture may sound daunting at first, but there's plenty of good reads and tutorials. Learning Python will give you a massive advantage in mostly whatever you do; however, once paired with the knowledge of a low-level language like C++ (debatable), the world of exploitation really is open to your imagination.

Last edited by killadaninja; 04-10-2011 at 06:29 PM.

Sometimes I try to fit a 16-character string into an 8-byte space, on purpose.

Re: Choosing the correct exploit

I'll definitely have a look at SHODAN, and down the track, once I have the basics out of the way, at developing my own exploits (I have a C/ASM background).

I had a question in regards to this

"after you get the service and the version you could actually check them on exploit-db to see if there are some exploits for them or use the search function from metasploit"

When I do a 'search' in metasploit it is only searching the exploits from within the framework3 directory, correct? I.e. on the backtrack install there is an 'exploitdb' directory as well which has the source code to a lot of exploits PLUS some metasploit ones (.rb files).

If I want to use some of the prebuilt .rb files from the exploit directory, what is the best way to call them from metasploit? Do I have to copy them across to metasploit's exploit directory first?

Re: Choosing the correct exploit

My question was:

"If I want to use some of the prebuilt .rb files from the exploit directory, what is the best way to call them from metasploit? Do I have to copy them across to metasploit's exploit directory first?"

That section, which I had already read through, talks about porting over exploits.
I was just asking if you can call the existing .rb files, which are already ported, from metasploit directly without having to copy them across.